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A Real-Time Website Privacy Inspector 
By 


Who is peeking over your shoulder while you work, watch videos, learn, explore, and shop on the 
internet? Enter the address of any website, and Blacklight will scan it and reveal the specific 
user-tracking technologies on the site—and who's getting your data. You may be surprised at 
what you learn. 


Visited prudential.com on Jun. 22, 2022, 16:20 ET Learn more /“ 


Blacklight Inspection Result 


Blacklight works by visiting each website with a headless browser running custom 


Ad trackers found on this site. 
26 This is more than the average of seven that we found on nN 
popular sites. 


Websites containing advertising tracking technology load Javascript code or 
small invisible images that are used to either build your advertising profile or to 
identify you for ad targeting on this site. These techniques are often used in 
addition to cookies to profile you. 


Blacklight detected trackers on this page sending data to companies involved 
in online advertising. Blacklight detected scripts belonging to MediaMath, Inc., 
Facebook, Inc., Mouseflow, Linkedin Corporation, Alphabet, Inc., Ensighten, 
Inc, WarnerMedia, LLC, Demandbase, Inc., Beeswax, Twitter, Inc., TowerData, 
Inc., Verizon Media, Oracle Corporation, Microsoft Corporation, and Adobe 
Inc.. 


How We Define This Survey of Popular Websites 


Third-party cookies were found. 
46 This is more than the average of three that we found on n~ 
popular sites. 


These are commonly used by advertising tracking companies to profile you 
based on your internet usage. 


Blacklight detected 46 third-party cookies on this site. Blacklight detected 
cookies set for Microsoft Corporation, LinkedIn Corporation, Oracle 
Corporation, Demandbase, Inc., Adobe Inc., MediaMath, Inc., Index Exchange, 
Inc., Twitter, Inc., Beeswax, Amobee, Inc, Alphabet, Inc., Verizon Media, The 
Rubicon Project, Inc., TowerData, Inc., The Trade Desk Inc, WarnerMedia, LLC, 
and Bidtellect, Inc. 


How We Define This Survey of Popular Websites 


ai This website loads trackers on your computer that are 
il designed to evade third-party cookie blockers. 


Canvas fingerprinting was detected on this website. This technique is designed 
to identify users even if they block third-party cookies. It can be used to track 
users' behavior across sites. This technique was used by six percent of popular 


Blacklight detected a script loaded from prudential.com doing this on this site. 


It secretly draws the following image on your browser when you visit this 


website for the purpose of identifying your device. 


k glyphs vext quiz, 


This website could be monitoring your keystrokes and 
mouse clicks. 


Blacklight detected the use of a session recorder, which tracks user mouse 
movement, clicks, taps, scrolls, or even network activity. This data is compiled 
into videos and heat maps that website owners can watch to see how users 
interact with the site. Research has shown these practices can be insecure and 
make sensitive user data such as passwords and credit card information more 
vulnerable to leaks. This technique was used by fifteen percent of popular 


Blacklight detected a script belonging to the company Mouseflow doing this 
on this site. 


However... 
While Blacklight can detect whether a session recorder was loaded, it cannot 
determine exactly how the collected data is being used. 


How We Define This 


We found this website capturing user keystrokes. nw 


Key logging is when a website captures the text that you type into a webpage 
before you hit the submit button. This technique has been used to identify 
anonymous web users by matching them to postal addresses and real names. 


On the site you are inspecting, information entered in the name, family-name, 


given-name fields were logged. 


Blacklight detected a script loaded from prudential.com doing this on this site. 


However... 

There are other reasons for key logging, such as providing autocomplete 
functionality. Blacklight cannot determine the intent behind the inspected 
website's use of this technique. 


How We Define This 


= When you visit this site, it tells Facebook — even if you 
block cookies. 


The Facebook pixel is a snippet of code that sends data back to Facebook 
about people who visit this site and allows the site operator to later target them 
with ads on Facebook. A Facebook spokesperson told The Markup that the 
company set up this system so that a user doesn’t have to be “simultaneously 
logged into Facebook and viewing a third-party website for our business tools 
to function.” Common actions that can be tracked via pixel include viewing a 
page or specific content, adding payment information, or making a purchase. 
The Facebook pixel appeared in thirty percent of popular websites when we 
scanned them in September 2020. 


This website seems to be using Facebook pixel "advanced matching" feature, 
which allows the site to share data about visitors with Facebook even if users 
block Facebook cookies. 


This site sent Email, First Name and Last Name 


How We Define This 


G This site allows Google Analytics to follow you across the 
internet. 


This site uses Google Analytics and seems to use its "remarketing audiences” 
feature that enables user tracking for targeted advertising across the internet. 
This feature allows a website to build custom audiences based on how a user 
interacts with this particular site and then follow those users across the 

internet and target them with advertising on other sites using Google Ads and 
Display & Video 360. A Google spokesperson told The Markup that site 


is used to connect this browsing data with someone's real-world identity. You 


know when those shoes you were looking at follow you around the internet? 
This is one of the trackers leading to that. This feature appeared in fifty percent 


Some of the ad-tech companies this website interacted with: 


The inspected website contacted some well known actors in the ad-tech industry. Not all 
of these loaded trackers, so they may be different from those listed in the tests section 
above. For more information on each company, what it does, and which of its domains 
Blacklight found during the inspection, click the arrow. Reading this can give you a better 
idea of how the ad-tech industry works. 


they want to opt out of the company showing them targeted ads based on their browsing 
history. 


The site sent information to the following domains doubleclick.net, google- 
analytics.com, google.com, googleadservices.com, googleapis.com, 
googletagmanager.com. 


Company description accurate on Sept. 3,2020 Read Google's Privacy Policy 


provides site operators insights about the popularity of their websites. (This Alexa is 
unrelated to Amazon’s virtual assistant of the same name.) Representatives from Amazon 
did not respond to multiple requests for comment. 


The site sent information to the following domain amazonaws.com. 


Company description accurate on Sept. 3,2020 Read Amazon's Privacy Policy 


branched out more broadly into advertising. In 2019, it purchased Drawbridge, which a 
company spokesperson told The Markup allows LinkedIn to “infer a member's association 
LinkedIn executive told Ad Exchanger the company hoped Drawbridge will fill in some of 
the blind spots LinkedIn has on its users. 


The site sent information to the following domains adsymptotic.com, licdn.com, 
linkedin.com. 


Company description accurate on Sept. 3,2020 Read Linkedin's Privacy Policy 


internet. A MediaMath spokesperson told The Markup that the company’s service also 
allows advertisers to combine their data about potential customers with information 
collected by other ad tech companies and data brokers for more accurate ad targeting. 


The site sent information to the following domain mathtag.com. 


consumers to target ads. Of the many Microsoft-related trackers that appeared in our 
scan of the internet’s top 80,000 most popular websites, those associated with Bing were 
the most common. A Microsoft spokesperson declined to tell The Markup how user data 
being sent to its domains was being used. 


The site sent information to the following domain bing.com. 


Company description accurate on Sept. 3,2020 Read Microsoft's Privacy Policy 


many different products and services is AddThis, a set of buttons that float on top of a 


website and allow for quick sharing on social media of the page being viewed. These 
buttons collect data from users and can introduce other third-party tracking technologies 
they already have on consumers and enhance it with information acquired either from 
data brokers or Oracle itself—for example, linking a person to all the different devices he 
or she uses. An Oracle spokesperson told The Markup that the company has “actionable 


The site sent information to the following domains bkrtx.com, bluekai.com, eloqua.com, 
en25.com, maxymiser.net. 


Company description accurate on Sept. 3,2020 Read Oracle's Privacy Policy 


comment. 


The site sent information to the following domain rubiconproject.com. 


Tower Data did not respond to multiple requests for comment. 


The site sent information to the following domain rlcdn.com. 


with Yahoo! and AOL (specifically, advertising.com, which was part of AOL before 


Verizon’s purchase of the company) appeared the most frequently among the many 


Representatives from Verizon did not respond to multiple requests for comment. 


The site sent information to the following domain yahoo.com. 


Blacklight results should not be taken as the final word on potential privacy violations by a given website. Rather, 


they should be treated as an initial automated inspection that requires further investigation before a definitive 
claim can be made. 


DuckDuckGo's Tracker Radar last updated Sept. 3, 2020. For more information on how we use it, read our 
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